CN112087429A - Computer network safety control system and control method thereof - Google Patents
- Publication number
- CN112087429A (application CN202010783414.1A)
- Authority
- CN
- China
- Prior art keywords
- attack
- module
- server
- intrusion
- instruction
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses a computer network security control system and a control method thereof, wherein the system comprises a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module; the invention is provided with the hacker intrusion detection module, the virus attack detection module and the system protection detection module, so that the protection of the system is more comprehensive, and the system safety can be well ensured; the early warning display module is arranged, so that early warning information is more detailed, and classified early warning of system safety is realized; the data storage module is divided into an internal storage hard disk and an external storage hard disk, and an internal standby hard disk is connected with the internal storage hard disk, so that the data security of the system is ensured from multiple aspects.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a computer network security control system and a control method thereof.
Background
With the progress of computer technology, the information age has arrived and people depend more and more on networks; in particular, the information infrastructure formed by combining computer technology and communication technology has become an important infrastructure reflecting the characteristics of the information society. The openness and freedom of the network also make it possible for private information and data to be corrupted or stolen, so network security is becoming increasingly important.
The patent with publication number CN110855657A discloses a computer network security control system comprising a network monitoring module, an abnormality determination terminal, a port monitoring terminal, a port library, a sealing unit, a controller, a display unit and a data correction unit. The abnormality determination terminal analyzes abnormal conditions of the network; if the determination result is an abnormal state, the sealing unit blocks and blacklists the network port, the network port is forbidden from accessing the network, and the network port of the software is deleted. That scheme monitors the network ports of networked software on the computer and judges a network port to be abnormal when its network speed changes suddenly or stays high; because it relies on this single criterion, its protection range is limited.
That scheme addresses the defects of existing computer network security control systems to a certain extent, but still leaves room for improvement.
Disclosure of Invention
In order to solve the problems of computer network security control, the invention provides a computer network security control system and a control method thereof.
The purpose of the invention can be realized by the following technical scheme: a computer network security control system and a control method thereof, comprising a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module;
the hacker intrusion detection module analyzes data packets from hacker intrusions, establishes an intrusion feature library, and compares and matches received data packets against the intrusion feature library; the specific detection steps are as follows:
step one: establishing the intrusion feature library by analyzing the intrusion modes of hackers;
step two: analyzing the data packets received by the system, and comparing and matching the analysis result against the attack modes in the intrusion feature library; if the matching is successful, sending a hacker intrusion instruction to the server together with the mark corresponding to the attack mode; if the matching is unsuccessful, the hacker intrusion detection module does not respond;
step three: sending the feature library and the record of the sent hacker intrusion instructions to the data storage module through the server;
the virus attack detection module is used for detecting whether a system is attacked by viruses or not, and the specific detection steps are as follows:
q1: the starting speed of the system is detected by a system starting speed detection unit and is marked as $V_q$; the opening speed of files in the system is detected by a file opening speed detection unit and is marked as $V_d$; the loading speed of programs in the system is detected by a program loading speed detection unit and is marked as $V_j$;
Q2: by the formulaAcquiring an operation speed V, wherein alpha, beta and gamma are specific proportionality coefficients;
q3: counting the resource occupation condition in the system through a system resource detection unit, and marking the resource occupation rate as Z;
q4: the integrity of the files stored in the system is verified through a file integrity detection unit, which holds a database of digital digests of the files; the specific verification steps are as follows:
w1: calculating the digital digest of each file in the system through a hash algorithm;
w2: comparing the calculated digital digest with the digital digest of the corresponding file in the digest database;
w3: counting the proportion of files whose calculated digest differs from the digest in the digest database, relative to the total number of files, and marking the proportion as E;
q4: by the formula B ═ V.e-·Z+EAcquiring a virus threat coefficient B, wherein the virus threat coefficient B is a specific proportionality coefficient;
q5: when the virus threat coefficient is less than or equal to a preset threshold value, the virus attack detection module does not respond; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
q6: sending the virus threat coefficient and the record for sending the virus attack instruction to a data storage module through a server;
the system protection detection module comprises a firewall detection unit and an intrusion feature library detection unit, and the specific detection steps are as follows:
r1: detecting the starting state and the update state of the system firewall through a firewall detection unit; when the firewall is started, its starting state Q is marked as "1", and when the firewall is not started, its starting state Q is marked as "0"; when the firewall has been updated, its update state $G_F$ is marked as "1", and when the firewall has not been updated, its update state $G_F$ is marked as "0";
r2: detecting the update state of the intrusion feature library through an intrusion feature library detection unit; when the intrusion feature library has been updated, its update state $G_T$ is marked as "1", and when the intrusion feature library has not been updated, its update state $G_T$ is marked as "0";
r3: by the formula $F = Q \cdot G_F \cdot G_T$, obtaining a system protection safety coefficient F; when the system protection safety coefficient is less than or equal to a set threshold value, the system protection detection module does not respond; and when the system protection safety coefficient is greater than the set threshold value, the system protection detection module sends a system protection instruction to the server.
Preferably, the power supply module is used for supplying power to each module of the system, the power supply module comprises a main power supply and a standby power supply, the main power supply is used for supplying power for daily work of each module of the system, the standby power supply is started under the condition that the main power supply cannot work when an emergency occurs, the power supply module independently supplies power for the early warning display module and the data storage module, and a power supply on-off control module is arranged between the power supply and each module.
Preferably, the hacker intrusion modes include a Land attack, a TCP SYN attack, a Ping of Death attack, a WinNuke attack, a Teardrop attack and a TCP/UDP port scanning attack, and the specific analysis steps are as follows:
s1: when the source address and the destination address of the data packet are the same, the attack mode is judged to be a Land attack and is marked as L;
s2: when the number of SYN connections received per unit time exceeds a threshold value set by the system, the attack mode is judged to be a TCP SYN attack and is marked as S;
s3: when the size of the data packet is larger than 65535 bytes, the attack mode is judged to be a Ping of Death attack and is marked as D;
s4: when the destination port of the data packet is 137, 138 or 139 and the URG bit is 1, the attack mode is judged to be a WinNuke attack and is marked as W;
s5: when the fragment offset of fragmented data in the data packet is wrong, the attack mode is judged to be a Teardrop attack and is marked as T;
s6: when the data packet sends a connection request to an unused port, the attack mode is judged to be a TCP/UDP port scanning attack and is marked as U.
Preferably, the virus attack detection module includes an operation speed detection unit, a system resource detection unit and a file integrity detection unit, and the operation speed detection unit includes a system start speed detection unit, a file open speed detection unit and a program loading speed detection unit.
Preferably, the data storage module is used for storing system data, the data storage module comprises an internal storage hard disk, an internal standby hard disk and an external storage hard disk, and a network on-off control module is arranged between the data storage module and the server.
Preferably, the early warning display module comprises an intelligent terminal and an alarm lamp, the intelligent terminal comprises an intelligent mobile phone, an intelligent display and a notebook computer, the early warning display module is connected with the server through an Ethernet, when the server receives a hacker intrusion instruction, the server sends the hacker intrusion display instruction and an intrusion mode to the intelligent terminal, and the alarm lamp is set to be red; when the server receives a virus attack instruction, the server sends a virus attack display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be blue; when the server receives a system protection instruction, the server sends a system protection display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be yellow, and the type of the alarm lamp is ssjd-001.
Preferably, the network on-off control module is used for controlling whether the data storage module is accessed, when the server does not receive a hacker intrusion instruction and a virus attack instruction, the network on-off control module controls the internal storage hard disk and the external storage hard disk to be simultaneously connected with the server, and when the server receives the hacker intrusion instruction and the virus attack instruction, the network on-off control module controls to cut off the connection between the internal storage hard disk and the server and keep the connection between the external storage hard disk and the server.
The invention has the beneficial effects that:
the invention is provided with a hacker intrusion detection module, which analyzes and learns the intrusion modes of hackers, establishes an intrusion feature library, and determines whether a hacker intrusion has occurred by comparing and matching data packets against the intrusion feature library; if the matching is successful, the hacker intrusion detection module sends a hacker intrusion instruction to the server; a virus attack detection module is provided, which detects the system starting speed, the file opening speed and the program loading speed and calculates the running speed by a formula; the resource occupancy rate of the system is detected by the system resource detection unit, the proportion of files whose digital digest differs from the digest database relative to the total number of files is detected by the file integrity detection unit, and a virus threat coefficient is obtained by a formula; if the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server; a system protection detection module is provided, which detects the starting state of the firewall, the update state of the firewall and the update state of the intrusion feature library and calculates the system protection safety coefficient by a formula; when the system protection safety coefficient is larger than a preset threshold value, the system protection detection module sends a system protection instruction to the server; the hacker intrusion detection module, the virus attack detection module and the system protection detection module are used together, so that the protection of the system is more comprehensive and the system security can be well ensured;
the early warning display module is arranged, corresponding information is displayed after the early warning display module receives an instruction of the server, the warning lamps are set to be different colors according to different instructions, the early warning information is more detailed, and classified early warning of system safety is realized;
the data storage module of the invention is divided into an internal storage hard disk and an external storage hard disk, and is also provided with an internal standby hard disk connected with the internal storage hard disk, when the server is invaded by hackers or attacked by viruses, the connection between the internal storage hard disk and the server can be cut off in time by the network on-off control module, and the internal standby hard disk is used for carrying out timing backup on the data of the internal storage hard disk, thereby ensuring the data security of the system from multiple aspects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic block diagram of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a computer network security control system and a control method thereof includes a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module;
the hacker intrusion detection module analyzes data packets from hacker intrusions, establishes an intrusion feature library, and compares and matches received data packets against the intrusion feature library; the specific detection steps are as follows:
step one: establishing the intrusion feature library by analyzing the intrusion modes of hackers;
step two: analyzing the data packets received by the system, and comparing and matching the analysis result against the attack modes in the intrusion feature library; if the matching is successful, sending a hacker intrusion instruction to the server together with the mark corresponding to the attack mode; if the matching is unsuccessful, the hacker intrusion detection module does not respond;
step three: sending the feature library and the record of the sent hacker intrusion instructions to the data storage module through the server;
the virus attack detection module is used for detecting whether the system is attacked by the virus, and the specific detection steps are as follows:
q1: the starting speed of the system is detected by a system starting speed detection unit and is marked as $V_q$; the opening speed of files in the system is detected by a file opening speed detection unit and is marked as $V_d$; the loading speed of programs in the system is detected by a program loading speed detection unit and is marked as $V_j$;
Q2: by the formulaAcquiring an operation speed V, wherein alpha, beta and gamma are specific proportionality coefficients;
q3: counting the resource occupation condition in the system through a system resource detection unit, and marking the resource occupation rate as Z;
q4: the integrity of the files stored in the system is verified through a file integrity detection unit, which holds a database of digital digests of the files; the specific verification steps are as follows:
w1: calculating the digital digest of each file in the system through a hash algorithm;
w2: comparing the calculated digital digest with the digital digest of the corresponding file in the digest database;
w3: counting the proportion of files whose calculated digest differs from the digest in the digest database, relative to the total number of files, and marking the proportion as E;
q4: by the formula B ═ V.e-·Z+EAcquiring a virus threat coefficient B, wherein the virus threat coefficient B is a specific proportionality coefficient;
q5: when the virus threat coefficient is less than or equal to a preset threshold value, the virus attack detection module does not respond; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
q6: sending the virus threat coefficient and the record for sending the virus attack instruction to a data storage module through a server;
the system protection detection module comprises a firewall detection unit and an intrusion feature library detection unit, and the specific detection steps are as follows:
r1: detecting the starting state and the update state of the system firewall through a firewall detection unit; when the firewall is started, its starting state Q is marked as "1", and when the firewall is not started, its starting state Q is marked as "0"; when the firewall has been updated, its update state $G_F$ is marked as "1", and when the firewall has not been updated, its update state $G_F$ is marked as "0";
r2: detecting the update state of the intrusion feature library through an intrusion feature library detection unit; when the intrusion feature library has been updated, its update state $G_T$ is marked as "1", and when the intrusion feature library has not been updated, its update state $G_T$ is marked as "0";
r3: by the formula $F = Q \cdot G_F \cdot G_T$, obtaining a system protection safety coefficient F; when the system protection safety coefficient is less than or equal to a set threshold value, the system protection detection module does not respond; and when the system protection safety coefficient is greater than the set threshold value, the system protection detection module sends a system protection instruction to the server.
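The file integrity check of steps w1 to w3 and the ratio E can be computed as follows; this is an added example, not code from the patent. SHA-256 as the hash algorithm, the function names, counting a missing file as a differing digest, and reporting files that have no entry in the digest database separately from E are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """w1: hash one file in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_digest_database(root):
    """Record a known-good digest for every regular file under root.

    Keep the result where software on the monitored host cannot rewrite it,
    otherwise a tampered file can be given a matching entry.
    """
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def integrity_ratio(root, database):
    """w2 and w3: compare current digests with the database and return E.

    Returns (E, differing, unlisted). E is the number of database entries whose
    file is modified or missing, divided by the number of database entries.
    Files on disk without a database entry have nothing to be compared with,
    so they are returned separately and not counted in E (assumption).
    """
    root = Path(root)
    differing = {}
    for rel, expected in database.items():
        path = root / rel
        if not path.is_file():
            differing[rel] = "missing"
        elif file_digest(path) != expected:
            differing[rel] = "modified"
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    unlisted = sorted(on_disk - set(database))
    e = len(differing) / len(database) if database else 0.0
    return e, differing, unlisted


def demo():
    """Constructed scenario: four baseline files, one altered, one deleted, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        for name, data in [("bin/app", b"app-v1"), ("bin/helper", b"helper"),
                           ("config.ini", b"mode=prod\n"), ("readme.txt", b"hello\n")]:
            (root / name).write_bytes(data)
        database = build_digest_database(root)  # taken while the system is known-good

        (root / "bin/app").write_bytes(b"app-v1-changed")  # modified in place
        (root / "config.ini").unlink()                     # deleted
        (root / "bin/dropper").write_bytes(b"new file")    # not in the database
        return integrity_ratio(root, database)


if __name__ == "__main__":
    e, differing, unlisted = demo()
    print(f"E = {e:.2f}", differing, unlisted)
```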
The power supply module is used for supplying power to all modules of the system, the power supply module comprises a main power supply and a standby power supply, the main power supply is used for supplying power for daily work of all modules of the system, the standby power supply is started under the condition that the main power supply cannot work when an emergency occurs, the power supply module independently supplies power for the early warning display module and the data storage module, and a power supply on-off control module is arranged between the power supply and each module.
The hacker intrusion modes comprise a Land attack, a TCP SYN attack, a Ping of Death attack, a WinNuke attack, a Teardrop attack and a TCP/UDP port scanning attack, and the specific analysis steps are as follows:
s1: when the source address and the destination address of the data packet are the same, the attack mode is judged to be a Land attack and is marked as L;
s2: when the number of SYN connections received per unit time exceeds a threshold value set by the system, the attack mode is judged to be a TCP SYN attack and is marked as S;
s3: when the size of the data packet is larger than 65535 bytes, the attack mode is judged to be a Ping of Death attack and is marked as D;
s4: when the destination port of the data packet is 137, 138 or 139 and the URG bit is 1, the attack mode is judged to be a WinNuke attack and is marked as W;
s5: when the fragment offset of fragmented data in the data packet is wrong, the attack mode is judged to be a Teardrop attack and is marked as T;
s6: when the data packet sends a connection request to an unused port, the attack mode is judged to be a TCP/UDP port scanning attack and is marked as U.
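The checks in steps s1 to s6 can be expressed as a small stateful matcher that emits the marks L, S, D, W, T and U; the following Python code is an added example, not code from the patent. The Packet record, the SignatureMatcher class, the fragment offset held in bytes, the overlap test used as the meaning of a "wrong" fragment offset in s5, the 20-byte IP header and the sample addresses are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535          # largest legal IPv4 datagram, header included
IP_HEADER_LEN = 20               # assumed header size (no IP options)
NETBIOS_PORTS = {137, 138, 139}  # ports named in step s4


@dataclass(frozen=True)
class Packet:
    """Header fields of one received packet (constructed model, not a wire parser)."""
    ts: float                       # arrival time, seconds
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dst_port: int = 0
    flags: frozenset = frozenset()  # TCP flags such as {"SYN"}
    ip_id: int = 0                  # IP identification shared by one datagram's fragments
    frag_offset: int = 0            # fragment offset, in bytes
    more_fragments: bool = False    # IP MF bit
    payload_len: int = 0            # IP payload bytes carried by this packet


class SignatureMatcher:
    """Stateful matcher returning the marks of steps s1 to s6 for each packet."""

    def __init__(self, listening_ports, syn_threshold=100, window=1.0):
        self.listening_ports = set(listening_ports)  # ports the host really serves
        self.syn_threshold = syn_threshold           # s2: threshold set by the system
        self.window = window                         # s2: "unit time", in seconds
        self._syn_times = deque()                    # arrival times of recent SYNs
        self._fragments = {}                         # (src, dst, ip_id) -> [(start, end)]

    def match(self, p):
        marks = []
        is_syn = p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags
        is_fragment = p.more_fragments or p.frag_offset > 0
        # s1: Land, source address equals destination address.
        if p.src == p.dst:
            marks.append("L")
        # s2: TCP SYN attack, SYNs inside the sliding window exceed the threshold.
        if is_syn:
            self._syn_times.append(p.ts)
            while p.ts - self._syn_times[0] > self.window:
                self._syn_times.popleft()
            if len(self._syn_times) > self.syn_threshold:
                marks.append("S")
        # s3: Ping of Death, the datagram would exceed 65535 bytes once reassembled.
        if IP_HEADER_LEN + p.frag_offset + p.payload_len > IP_MAX_DATAGRAM:
            marks.append("D")
        # s4: WinNuke, URG set on a segment to port 137, 138 or 139.
        if p.proto == "tcp" and p.dst_port in NETBIOS_PORTS and "URG" in p.flags:
            marks.append("W")
        # s5: Teardrop, a fragment whose byte range overlaps one already seen.
        if is_fragment:
            start, end = p.frag_offset, p.frag_offset + p.payload_len
            seen = self._fragments.setdefault((p.src, p.dst, p.ip_id), [])
            if any(start < e and s < end for s, e in seen):
                marks.append("T")
            seen.append((start, end))
        # s6: port scan, a connection attempt to a port nothing listens on.
        probe = p.frag_offset == 0 and (is_syn or p.proto == "udp")
        if probe and p.dst_port not in self.listening_ports:
            marks.append("U")
        return marks


def scan(packets, **kwargs):
    """Run a fresh matcher over packets; return {packet index: marks} for hits only."""
    matcher = SignatureMatcher(**kwargs)
    hits = {}
    for i, p in enumerate(packets):
        marks = matcher.match(p)
        if marks:
            hits[i] = marks
    return hits


# Constructed sample traffic (documentation address ranges), one case per rule.
SYN = frozenset({"SYN"})
SRC, DST = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    Packet(0.0, SRC, DST, "tcp", 80, SYN),                          # benign
    Packet(0.1, DST, DST, "tcp", 80, SYN),                          # s1
    Packet(0.2, SRC, DST, "tcp", 80, SYN),
    Packet(0.3, SRC, DST, "tcp", 80, SYN),                          # s2: 4th SYN in 1 s
    Packet(5.0, SRC, DST, "icmp", ip_id=7, frag_offset=65528, payload_len=100),  # s3
    Packet(6.0, SRC, DST, "tcp", 139, frozenset({"URG", "ACK"})),   # s4
    Packet(7.0, SRC, DST, "udp", 53, ip_id=9, more_fragments=True, payload_len=36),
    Packet(7.1, SRC, DST, "udp", ip_id=9, frag_offset=24, payload_len=4),        # s5
    Packet(8.0, SRC, DST, "tcp", 23, SYN),                          # s6
]

if __name__ == "__main__":
    for index, marks in scan(SAMPLE, listening_ports={53, 80}, syn_threshold=3).items():
        print(index, marks)
```

The fragment and SYN state grows with traffic, so a deployment would expire old entries; the s2 counter here is global rather than per destination because the page states only a single system threshold.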
The virus attack detection module comprises an operation speed detection unit, a system resource detection unit and a file integrity detection unit, wherein the operation speed detection unit comprises a system starting speed detection unit, a file opening speed detection unit and a program loading speed detection unit.
The data storage module is used for storing system data, the data storage module comprises an internal storage hard disk, an internal standby hard disk and an external storage hard disk, and a network on-off control module is arranged between the data storage module and the server.
The early warning display module comprises an intelligent terminal and an alarm lamp, the intelligent terminal comprises an intelligent mobile phone, an intelligent display and a notebook computer, the early warning display module is connected with the server through the Ethernet, when the server receives a hacker intrusion instruction, the server sends the hacker intrusion display instruction and an intrusion mode to the intelligent terminal, and the alarm lamp is set to be red; when the server receives a virus attack instruction, the server sends a virus attack display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be blue; when the server receives the system protection instruction, the server sends the system protection display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be yellow.
The network on-off control module is used for controlling whether the data storage module is accessed, controlling the internal storage hard disk and the external storage hard disk to be simultaneously connected with the server when the server does not receive a hacker intrusion instruction and a virus attack instruction, and controlling the connection between the internal storage hard disk and the server to be cut off and keeping the connection between the external storage hard disk and the server when the server receives the hacker intrusion instruction and the virus attack instruction.
The system further comprises a fingerprint identification module, the fingerprint identification module comprises a fingerprint acquisition unit, a fingerprint feature library, a fingerprint analysis unit and a result display unit, the fingerprint identification module is used for comparing and matching the fingerprint information of the visitor with the fingerprint information in the fingerprint library, and the specific comparison steps are as follows:
n1: fingerprint information of a specific person is acquired through a fingerprint acquisition unit, and the fingerprint characteristic information after characteristic extraction is sent to a fingerprint characteristic library, wherein the specific person is a person allowed to enter a space where a system is located;
n2: fingerprint information of the visitor is collected through a fingerprint collecting unit, and the fingerprint characteristic information after characteristic extraction is sent to a fingerprint analyzing unit;
n3: the fingerprint analysis unit compares the fingerprint characteristic information of the visitor with the fingerprint characteristic information in the fingerprint characteristic library one by one, if the matching is successful, the result display unit displays that the matching is successful, otherwise, the result display unit displays that the matching is failed.
The system also comprises an image recognition module, wherein the image recognition module comprises an image acquisition unit, a facial information feature library, an image analysis unit and a result display unit, the image recognition module is used for comparing and matching the facial information of the visitor with the facial information in the facial information feature library, and the specific comparison steps are as follows:
m1: the method comprises the steps that facial information of a specific person is collected through an image collecting unit, and the facial feature information after feature extraction is sent to a facial information feature library, wherein the specific person is a person allowed to enter a space where a system is located;
m2: the method comprises the steps that facial information of a visitor is collected through an image collecting unit, and the facial feature information subjected to feature extraction is sent to an image analyzing unit;
m3: the image analysis unit compares the facial feature information of the visitor with the facial feature information in the facial information feature library one by one, if the matching is successful, the result display unit displays that the matching is successful, otherwise, the result display unit displays that the matching is failed.
The above formulas are all quantitative calculations; each formula is obtained by collecting a large amount of data and performing software simulation so as to come closest to the real situation, and the preset parameters in the formulas are set by those skilled in the art according to the actual situation.
The working principle of the invention is as follows:
starting the hacker intrusion detection module, analyzing the received data packets through the hacker intrusion detection module, comparing and matching the analysis result against the attack modes in the intrusion feature library, and if the matching is successful, sending a hacker intrusion instruction to the server;
starting the virus attack detection module, detecting the starting speed $V_q$ of the system through the system starting speed detection unit, detecting the opening speed $V_d$ of files in the system through the file opening speed detection unit, detecting the program loading speed $V_j$ in the system through the program loading speed detection unit, and obtaining the running speed V through a formula; detecting the resource occupancy rate Z in the system through the system resource detection unit; detecting the integrity of the files stored in the system through the file integrity detection unit, marking as E the proportion of files whose digital digest differs from the digest database relative to the total number of files, and obtaining a virus threat coefficient B through a formula; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
starting the system protection detection module, detecting the starting state Q and the update state $G_F$ of the firewall through the firewall detection unit, detecting the update state $G_T$ of the intrusion feature library through the intrusion feature library detection unit, and obtaining a system protection safety coefficient F through a formula; when the system protection safety coefficient is larger than a set threshold value, the system protection detection module sends a system protection instruction to the server;
when the server receives a hacker intrusion instruction, the early warning display module displays an intrusion mode and sets an alarm lamp to be red, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a virus attack instruction, the early warning display module displays a virus attack prompt and sets the alarm lamp to be blue, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a system protection instruction, the early warning display module displays a system protection prompt and sets the alarm lamp to be yellow.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.
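The file integrity check described above (hash each file, compare with the digest database, report the mismatching proportion E), as an added example that is not code from the patent. SHA-256, the function names and the choice to count a deleted or unreadable file as a mismatch are assumptions; the sample files are constructed.

```python
import hashlib
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large files are never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def mismatch_ratio(baseline, root):
    """Compare current digests with the baseline; return (E, changed files).

    baseline maps a path relative to root to its known-good hex digest.
    Assumption: a missing or unreadable file counts as a mismatch.
    """
    if not baseline:
        return 0.0, []
    changed = []
    for rel_path, known in sorted(baseline.items()):
        try:
            current = file_digest(os.path.join(root, rel_path))
        except OSError:
            current = None
        if current != known:
            changed.append(rel_path)
    return len(changed) / len(baseline), changed


def demo():
    """Constructed sample: four files, one modified and one deleted."""
    contents = {"a.cfg": b"alpha", "b.cfg": b"beta",
                "c.bin": b"gamma", "d.bin": b"delta"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in contents.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # Record the digest database while the files are in a known-good state.
        baseline = {n: file_digest(os.path.join(root, n)) for n in contents}
        with open(os.path.join(root, "b.cfg"), "wb") as fh:
            fh.write(b"beta-tampered")
        os.remove(os.path.join(root, "d.bin"))
        return mismatch_ratio(baseline, root)


if __name__ == "__main__":
    e, changed = demo()
    print(f"E = {e:.2f}, changed = {changed}")
```

The digest database has to live somewhere the monitored host cannot rewrite, otherwise whoever alters a file can alter its baseline entry as well.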
Claims (8)
1. A computer network security control system is characterized by comprising a server, a hacker intrusion detection module, a virus attack detection module, a system protection detection module, a data storage module, a network on-off control module, a power supply module and an early warning display module;
the hacker intrusion detection module analyzes a data packet invaded by a hacker, establishes an intrusion characteristic library, and compares and matches the received data packet with the intrusion characteristic library, and the specific detection steps are as follows:
step one: establishing an intrusion characteristic library by analyzing an intrusion mode of a hacker;
step two: analyzing the data packet received by the system, comparing and matching the analysis result with the attack mode in the intrusion feature library, if the matching is successful, sending a hacker intrusion instruction to the server, and sending a mark corresponding to the attack mode to the server; if the matching is unsuccessful, the hacker intrusion detection module does not respond;
step three: the characteristic database and the sent hacker intrusion instruction record are sent to a data storage module through a server;
the virus attack detection module is used for detecting whether a system is attacked by viruses or not, and the specific detection steps are as follows:
q1: the starting speed of the system is detected by a system starting speed detection unit and is marked as $V_q$; the opening speed of the file in the system is detected by a file opening speed detection unit and is marked as $V_d$; the loading speed of the program in the system is detected by a program loading speed detection unit and is marked as $V_j$;
Q2: by the formula, acquiring an operation speed V, wherein alpha, beta and gamma are specific proportionality coefficients;
q3: counting the resource occupation condition in the system through a system resource detection unit, and marking the resource occupation rate as Z;
q4: the integrity of the files stored in the system is verified through a file integrity detection unit, which holds a digital digest database of the files; the specific verification steps are as follows:
w1: calculating a digital digest of each file in the system through a hash algorithm;
w2: comparing the calculated digital digest with the digital digest of the corresponding file in the digital digest database;
w3: counting the number of files whose calculated digital digest differs from the one in the digital digest database, and marking its proportion to the total number of files as E;
q4: by the formula B ═ V.e-·Z+EAcquiring a virus threat coefficient B, wherein the virus threat coefficient B is a specific proportionality coefficient;
q5: when the virus threat coefficient is less than or equal to a preset threshold value, the virus attack detection module does not respond; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
q6: sending the virus threat coefficient and the record for sending the virus attack instruction to a data storage module through a server;
the system protection detection module comprises a firewall detection unit and an intrusion feature library detection unit, and the specific detection steps are as follows:
r1: detecting the starting state and the updating state of the system firewall through the firewall detection unit; marking the starting state Q of the firewall as "1" when the firewall is started, and as "0" when the firewall is not started; marking the update state $G_F$ of the firewall as "1" when the firewall has been updated, and as "0" when the firewall has not been updated;
r2: detecting the update state of the intrusion feature library through the intrusion feature library detection unit; marking the update state $G_T$ of the intrusion feature library as "1" when the intrusion feature library has been updated, and as "0" when it has not been updated;
r3: acquiring the system protection safety factor F by the formula $F = Q \cdot G_F \cdot G_T$; when the system protection safety factor is smaller than or equal to the set threshold value, the system protection detection module does not respond; and when the system protection safety factor is greater than the set threshold value, the system protection detection module sends a system protection instruction to the server.
2. The computer network security control system of claim 1, wherein the power supply module is configured to supply power to each module of the system, the power supply module includes a main power source and a backup power source, the main power source is used for supplying power for each module of the system during daily operation, the backup power source is activated when the main power source fails to operate in case of emergency, the power supply module independently supplies power to the pre-warning display module and the data storage module, and a power on-off control module is disposed between the power supply module and each module.
3. The computer network security control system of claim 1, wherein the hacking methods include Land attack, TCP SYN attack, Ping of Death attack, WinNuke attack, Teardrop attack, and TCP/UDP port scan attack, and the specific analysis steps include:
s1: when the source address and the target address of the data packet are the same, judging that the attack mode is Land attack, and marking the Land attack as L;
s2: when SYN connection received in unit time exceeds a threshold value set by a system, judging that the attack mode is TCP SYN attack, and marking the attack mode as S;
s3: when the size of the data packet is larger than 65535 bytes, judging that the attack mode is Ping of Death attack, and marking the attack mode as D;
s4: when the target port of the data packet is 137, 138 or 139 and the URG bit is 1, judging that the mode is WinNuke attack and marking the mode as W;
s5: when the slice offset of the sliced data in the data packet is wrong, judging that the attack mode is a Teardrop attack, and marking the Teardrop attack as T;
s6: when the data packet sends a connection request to the non-use port, the attack mode is judged to be TCP/UDP port scanning attack, and the attack mode is marked as U.
4. The computer network security control system of claim 1, wherein the virus attack detection module comprises a running speed detection unit, a system resource detection unit and a file integrity detection unit, and the running speed detection unit comprises a system start speed detection unit, a file open speed detection unit and a program load speed detection unit.
5. The computer network security control system of claim 1, wherein the data storage module is configured to store system data, the data storage module includes an internal storage hard disk, an internal backup hard disk and an external storage hard disk, and a network on-off control module is disposed between the data storage module and the server.
6. The computer network security control system according to claim 1, wherein the early warning display module comprises an intelligent terminal and an alarm lamp, the intelligent terminal comprises a smart phone, an intelligent display and a notebook computer, the early warning display module is connected with the server through an ethernet, when the server receives a hacker intrusion instruction, the server sends the hacker intrusion display instruction and an intrusion mode to the intelligent terminal, and the alarm lamp is set to be red; when the server receives a virus attack instruction, the server sends a virus attack display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be blue; when the server receives the system protection instruction, the server sends the system protection display instruction to the intelligent terminal, and meanwhile, the alarm lamp is set to be yellow.
7. The computer network security control system of claim 1, wherein the network on-off module is configured to control whether the data storage module is accessed, and when the server does not receive the hacking instruction and the virus attack instruction, the network on-off control module controls the internal storage hard disk and the external storage hard disk to be simultaneously connected to the server, and when the server receives the hacking instruction and the virus attack instruction, the network on-off control module controls to disconnect the internal storage hard disk from the server and maintain the connection between the external storage hard disk and the server.
8. The computer network security control system of claim 1, wherein the control method of the system comprises the steps of:
step one: starting the hacker intrusion detection module, analyzing the received data packet through the hacker intrusion detection module, comparing and matching the analysis result with the attack modes in the characteristic attack library, and if matching is successful, sending a hacker intrusion instruction to the server;
step two: starting the virus attack detection module: detecting the starting speed $V_q$ of the system through the system starting speed detection unit, detecting the opening speed $V_d$ of a file in the system through the file opening speed detection unit, detecting the program loading speed $V_j$ in the system through the program loading speed detection unit, and acquiring an operation speed V by the formula; detecting the resource occupancy rate Z in the system through the system resource detection unit; detecting the integrity of the files stored in the system through the file integrity detection unit, marking as E the proportion of files whose calculated digital digest differs from the digital digest database to the total number of files, and acquiring a virus threat coefficient B by the formula B ═ V.e-·Z+E; when the virus threat coefficient is larger than a preset threshold value, the virus attack detection module sends a virus attack instruction to the server;
step three: starting the system protection detection module: detecting the starting state Q and the update state $G_F$ of the firewall through the firewall detection unit, detecting the update state $G_T$ of the intrusion feature library through the intrusion feature library detection unit, and obtaining a system protection safety factor F by the formula $F = Q \cdot G_F \cdot G_T$; when the system protection safety factor is larger than the set threshold value, the system protection detection module sends a system protection instruction to the server;
step four: when the server receives a hacker intrusion instruction, the early warning display module displays an intrusion mode and sets an alarm lamp to be red, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a virus attack instruction, the early warning display module displays a virus attack prompt and sets the alarm lamp to be blue, and meanwhile, the network on-off control module cuts off the connection between the internal storage hard disk and the server; when the server receives a system protection instruction, the early warning display module displays a system protection prompt and sets the alarm lamp to be yellow.
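The six checks of claim 3 (S1 to S6) written as one stateful matcher that returns the marks L, S, D, W, T and U, as an added example that is not code from the patent. The `Packet` fields, the one-second SYN window and threshold of 3, reading "slice offset is wrong" as overlapping fragments, applying the 65535-byte limit to the reassembled size, and limiting S6 to TCP SYNs are assumptions; the sample packets are constructed and use documentation addresses.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

NETBIOS_PORTS = {137, 138, 139}
MAX_IP_DATAGRAM = 65535  # largest legal IPv4 datagram, in bytes

@dataclass
class Packet:
    ts: float                       # capture time in seconds
    src: str
    dst: str
    dst_port: int = 0
    flags: frozenset = frozenset()  # TCP flags present, e.g. {"SYN"}
    ip_id: int = 0                  # IP identification, groups fragments
    frag_offset: int = 0            # fragment offset in bytes
    more_frags: bool = False        # IP "more fragments" bit
    length: int = 0                 # bytes carried by this packet or fragment

class SignatureMatcher:
    def __init__(self, open_ports, syn_threshold, window=1.0):
        self.open_ports = set(open_ports)    # ports the host really serves
        self.syn_threshold = syn_threshold   # "threshold set by the system"
        self.window = window                 # assumed unit time: one second
        self.syn_times = defaultdict(deque)  # dst -> recent SYN timestamps
        self.frags = defaultdict(list)       # datagram key -> [(start, end)]

    def classify(self, p):
        marks, end = [], p.frag_offset + p.length
        if p.src == p.dst:                                    # S1 Land
            marks.append("L")
        if "SYN" in p.flags and "ACK" not in p.flags:
            q = self.syn_times[p.dst]
            q.append(p.ts)
            while p.ts - q[0] > self.window:                  # expire old SYNs
                q.popleft()
            if len(q) > self.syn_threshold:                   # S2 SYN rate
                marks.append("S")
            if p.dst_port not in self.open_ports:             # S6 unused port
                marks.append("U")
        if end > MAX_IP_DATAGRAM:                             # S3 oversize once reassembled
            marks.append("D")
        if p.dst_port in NETBIOS_PORTS and "URG" in p.flags:  # S4 WinNuke
            marks.append("W")
        if p.more_frags or p.frag_offset:                     # S5 overlapping fragments
            seen = self.frags[(p.src, p.dst, p.ip_id)]
            if any(p.frag_offset < e and s < end for s, e in seen):
                marks.append("T")
            seen.append((p.frag_offset, end))  # a real sensor would expire these
        return marks

def run_samples():
    """Constructed packets: one per rule, plus a benign SYN and a first fragment."""
    syn = frozenset({"SYN"})
    m = SignatureMatcher(open_ports={80, 139, 443}, syn_threshold=3)
    return [m.classify(p) for p in [
        Packet(0.0, "192.0.2.10", "192.0.2.10", 80, syn),
        Packet(0.1, "198.51.100.7", "192.0.2.10", 443, syn),
        Packet(0.2, "198.51.100.7", "192.0.2.10", 139, frozenset({"URG", "ACK"})),
        Packet(0.3, "198.51.100.7", "192.0.2.10", 23, syn),
        Packet(0.4, "198.51.100.8", "192.0.2.10", 443, syn),
        Packet(5.0, "198.51.100.9", "192.0.2.10", ip_id=7, more_frags=True, length=36),
        Packet(5.1, "198.51.100.9", "192.0.2.10", ip_id=7, frag_offset=24, length=4),
        Packet(6.0, "198.51.100.9", "192.0.2.10", ip_id=8, frag_offset=65528, length=100),
    ]]
```

`run_samples()` returns one list of marks per packet. A retransmitted fragment also overlaps its original, so the T mark needs a tolerance for exact duplicates before it drives the disk cut-off of step four.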
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010783414.1A CN112087429A (en) | 2020-08-06 | 2020-08-06 | Computer network safety control system and control method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010783414.1A CN112087429A (en) | 2020-08-06 | 2020-08-06 | Computer network safety control system and control method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112087429A true CN112087429A (en) | 2020-12-15 |
Family
ID=73735431
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010783414.1A Withdrawn CN112087429A (en) | 2020-08-06 | 2020-08-06 | Computer network safety control system and control method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112087429A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112667427A (en) * | 2020-12-31 | 2021-04-16 | 上海磐御网络科技有限公司 | Network security system based on virtualization technology |
CN112866278A (en) * | 2021-02-04 | 2021-05-28 | 许昌学院 | Computer network information safety protection system based on big data |
CN112927465A (en) * | 2021-01-29 | 2021-06-08 | 安徽佳美瑞物联科技有限公司 | Villa security system running state real-time monitoring alarm system |
CN113591086A (en) * | 2021-07-28 | 2021-11-02 | 西安中诺通讯有限公司 | Terminal safety management method, device, terminal and storage medium |
CN113918940A (en) * | 2021-12-13 | 2022-01-11 | 苏州浪潮智能科技有限公司 | Computer service system and server |
- 2020-08-06 CN CN202010783414.1A patent/CN112087429A/en not_active Withdrawn
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112667427A (en) * | 2020-12-31 | 2021-04-16 | 上海磐御网络科技有限公司 | Network security system based on virtualization technology |
CN112927465A (en) * | 2021-01-29 | 2021-06-08 | 安徽佳美瑞物联科技有限公司 | Villa security system running state real-time monitoring alarm system |
CN112866278A (en) * | 2021-02-04 | 2021-05-28 | 许昌学院 | Computer network information safety protection system based on big data |
CN112866278B (en) * | 2021-02-04 | 2023-04-07 | 许昌学院 | Computer network information safety protection system based on big data |
CN113591086A (en) * | 2021-07-28 | 2021-11-02 | 西安中诺通讯有限公司 | Terminal safety management method, device, terminal and storage medium |
CN113918940A (en) * | 2021-12-13 | 2022-01-11 | 苏州浪潮智能科技有限公司 | Computer service system and server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112087429A (en) | Computer network safety control system and control method thereof | |
US10516689B2 (en) | Distributed data surveillance in a community capture environment | |
US10848514B2 (en) | Data surveillance for privileged assets on a computer network | |
US20180288084A1 (en) | Method and device for automatically establishing intrusion detection model based on industrial control network | |
US8166553B2 (en) | Method and apparatus for detecting unauthorized-access, and computer product | |
CN108737410B (en) | Limited knowledge industrial communication protocol abnormal behavior detection method based on feature association | |
CN112187792A (en) | Network information safety protection system based on internet | |
US20030115486A1 (en) | Intrusion detection method using adaptive rule estimation in network-based instrusion detection system | |
US10523698B2 (en) | Data surveillance system with patterns of centroid drift | |
CN112653654A (en) | Security monitoring method and device, computer equipment and storage medium | |
WO2021253899A1 (en) | Targeted attack detection method and apparatus, and computer-readable storage medium | |
CN113422763B (en) | Alarm correlation analysis method constructed based on attack scene | |
CN110768946A (en) | Industrial control network intrusion detection system and method based on bloom filter | |
CN112153336B (en) | Monitoring method and related equipment | |
CN111786986B (en) | Numerical control system network intrusion prevention system and method | |
CN111669371B (en) | Network attack restoration system and method suitable for power network | |
CN111526020A (en) | Safety sharing method | |
CN115550049A (en) | Vulnerability detection method and system for Internet of things equipment | |
US11621972B2 (en) | System and method for protection of an ICS network by an HMI server therein | |
CN115567258A (en) | Network security situation awareness method, system, electronic device and storage medium | |
CN115396166A (en) | Enterprise cloud office platform service management method based on big data | |
CN111343193B (en) | Cloud network port security protection method and device, electronic equipment and storage medium | |
CN113783875A (en) | Fire protection system for network information security and use method thereof | |
CN113542186A (en) | Monitoring system based on network security and early warning method thereof | |
CN110912869A (en) | Big data-based monitoring and reminding method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
Address after: 545000 1603-04, Xincheng Zhibu building, 111 Xinliu Avenue, Liuzhou City, Guangxi Zhuang Autonomous Region Applicant after: Liuzhou Suwen Information Technology Co.,Ltd. Address before: Room 705, building 2, Guantang R & D center, No. 10, Shuangren Road, Liudong New District, Yufeng District, Liuzhou City, Guangxi Zhuang Autonomous Region Applicant before: Liuzhou Fengyasang Technology Co.,Ltd. |
WW01 | Invention patent application withdrawn after publication | ||
Application publication date: 20201215 |